WordPad Security Flaw Discovered
January 21, 2009 by AntivirusWare.

Microsoft is looking into reports of a flaw in the WordPad text converter. The software is vulnerable to attacks through Word 97 files, according to Microsoft. Microsoft has stated that they are aware of the security issue, and that there are very limited, targeted attacks which are intended to exploit the vulnerability.
The zero-day flaw is similar to the one reported to have been found in Internet Explorer 7. It only affects users of Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. It does not, however, affect Windows XP Service Pack 3, Windows Vista, or Windows Server 2008.
When Microsoft Word is installed on a computer, Word 97 documents are opened with Word by default. Microsoft has stated that Word is not affected by this vulnerability. An attacker could, however, rename a malicious file with a Windows Write (.wri) extension, so that the file would launch WordPad instead of Word. By successfully exploiting this vulnerability, an attacker could gain the same rights as the local user.
The good news about the flaw is that it cannot be exploited automatically through email. For an attack to succeed, a user must open the email attachment and launch it. Microsoft notes that the .wri file type can be blocked by Internet security software.
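The .wri blocking described above, as an added example that is not from the article or from Microsoft: a Python check a mail gateway could run on each message, blocking .wri attachments and noting when one is really a Word binary document. The function names and the sample message are constructed for illustration, and the check assumes Word 97 files are recognised by the OLE2 compound-file signature.

```python
import email
from email import policy
from email.message import EmailMessage

# OLE2 compound-file signature, the container used by Word 97-2003 .doc files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
BLOCKED_EXT = ".wri"


def scan_message(raw_bytes):
    """Return (filename, verdict) for every attachment that should be blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Windows ignores trailing dots and spaces, so strip them before matching.
        if not name.lower().rstrip(". ").endswith(BLOCKED_EXT):
            continue
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(OLE2_MAGIC):
            verdict = "block: Word binary document renamed to .wri"
        else:
            verdict = "block: .wri attachment"
        findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed sample message; payloads are harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    fake_doc = OLE2_MAGIC + b"\x00" * 32
    m.add_attachment(fake_doc, maintype="application",
                     subtype="octet-stream", filename="Report.WRI")
    m.add_attachment(b"plain notes", maintype="application",
                     subtype="octet-stream", filename="notes.wri")
    m.add_attachment(fake_doc, maintype="application",
                     subtype="msword", filename="minutes.doc")
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{name}: {verdict}")
```

The .doc attachment is left alone because, as the article states, Word itself is not affected; only files that would be routed to WordPad are blocked.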
Microsoft may offer one of several possible solutions once its investigation is complete. For example, it could issue a service pack, include a bulletin in its next monthly security update, or issue an out-of-cycle security update.